All SCIM requests on a PingDirectoryProxy Server must use OAuth 2.0 bearer token authentication. Bearer tokens are evaluated using the SCIM 2 servlet extension’s configured Access Token Validators. Basic authentication is not supported.

In addition to requiring bearer tokens, the server will not process any SCIM requests unless it has at least one encryption-settings definition in its encryption-settings database. You can create the necessary definition(s) with the encryption-settings command-line tool. See Encrypting Sensitive Data for more information.

Note: Encryption settings need to be defined on the Proxy and all backend PD servers, and the encryption settings should match.